解决k8s访问报anonymous cannot get path的问题


k8s图形界面登录报错如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
   
  },
  "status": "Failure",
  "message": "forbidden: User "system:anonymous" cannot get path "/"",
  "reason": "Forbidden",
  "details": {
   
  },
  "code": 403
}

证书问题,添加证书
使用client-certificate-data和client-key-data生成一个p12文件

生成client-certificate-data

1
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt

生成client-key-data

1
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key

生成p12

1
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

kubecfg.p12就是生成的个人证书

下面是Chrome和Firefox浏览器导入证书

然后关闭浏览器,重新登录后通过token登录就可以了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@master ~]# kubectl get secret -n kube-system |grep admin|awk '{print $1}'
dashboard-admin-token-swhrz
[root@master ~]# kubectl describe secret/dashboard-admin-token-swhrz -n kube-system
Name:         dashboard-admin-token-swhrz
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: d59adb94-f4ae-4180-8b69-4cd8f2c2e5f4

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ikp2bV9pZmNIR0xqLUxRREd3QlRzNU1pdnBkYnMxTXRlWG15alBidW0xNTAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tc3docnoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZDU5YWRiOTQtZjRhZS00MTgwLThiNjktNGNkOGYyYzJlNWY0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.K0td6E4SjkgjQvQ9ucxecNkhEFmKhOtrwlgNpq2yJZvdm_MOuSAl4P7J7PGkFf6UoEXJ1jgk4eyMeLR9eJZ8KV9rwTt5U-snH_dGetejeofI6pk0aIHWyIq7KnuKbH8m_Q8Ok4eDatOW06_Q8hs0ZYktZ-J5uPytuS0jUuG47pxRTu5PwFtR-svypE7mP7Sz1rORyT7wultWysvA1zFS93DhRlIBJwbvv2UQI9cDbJcXl3x-HItPpZaPFrGqKTRZoXvAxoaUCm7BhPm9XO0xhE5H_ItGO09IZnb_Ib3kCF-W9-9fITPBIo4vaF9Z7m7nbaz9StID2RrCWV7iP1ysgg

最后通过token登录,输入上面那串token值即可